TEI of Athens eJournals

Implementation of GDPR in Greek Companies. The necessary steps for integration.

Nikolaos Christos Kareklas, Zoe Michalopoulou, Fani Giannakopoulou



Purpose - The purpose of this paper is to examine the application of the European General Data Protection Regulation (GDPR) to Greek companies. The research investigated the positive and negative impact of implementing the Regulation, 18 months after the new legislation came into force, with regard to technological, organizational and legal issues.

Design/methodology/approach – The first step of this research was a study of the existing literature. Then, questionnaires were distributed to companies subject to the GDPR in order to collect quantitative data. Finally, research was conducted in a company that offers records management services and is trying to bring its services into compliance with GDPR.

Findings – The above procedures have yielded significant findings regarding the actual implementation of GDPR in the companies and the technological and organizational issues that arose and need to be resolved.

The most important outcomes of this research are a) that companies need more guidance from the competent authorities in the field of data protection, b) that a significant cost is required to implement the changes in organizational structures and c) the important role of the Data Protection Officer (DPO).


General Data Protection Regulation - GDPR, Records Management, Data Protection Officer - DPO, Protection of Personal Data




DOI: 10.26265/jiim.v5i1.4424

